AbuseSA Benefits

AbuseSA is a solution for monitoring cyber threats from external sources. It collects information on malicious activity, processes it in real time and produces actionable reports and visualizations. AbuseSA helps our clients to protect their critical infrastructure (industry or government) and innocent bystanders (individuals) from malicious activity in cyberspace.

Full Abuse Handling Automation

AbuseSA fully automates data collection from a number of great information sources. The information security community has long provided data on incidents they see in different networks. Unfortunately, this information has not been utilized to the full, since there is simply too much data to cope with through manual processes. AbuseSA automates data collection and reporting, letting you focus on more advanced work.

Figure: A fully automated abuse handling process.

Works in a Browser

Deploy once, run everywhere. AbuseSA supports webkit-based browsers such as Chrome or Safari. You can access up-to-date information easily, even through tablets such as iPad.

Actionable from the Start

AbuseSA will enable you to benefit from pre-processed, external abuse feeds. These feeds target abuse which has been observed in the wild and is related to your network assets or those of your constituency. Through automation, your abuse handling process will improve by two orders of magnitude. If you are currently working with legacy detection mechanisms, you will save time and money by having confirmed incidents at the top of your work list, rather than constantly having to fine-tune and maintain alert thresholds, design or tweak failing heuristics or deal with a large number of false positives.

Figure: Abuse reports per type.

Actionable Information and Full Automation

Rather than retrofitting a solution not built for abuse handling automation, why not deploy AbuseSA, which has been built specifically to deal with Internet abuse? AbuseSA will collect, process and report actionable abuse intelligence collected over varying transport protocols, application protocols or data formats. Moreover, this approach makes AbuseSA future-proof, as it is not reliant on any single feed provider or collection mechanism. With AbuseSA, you will be able to consume more data sources than ever, which in turn will enhance your abuse situation awareness.

Always on Time

Since we are using a distributed and streaming model for collecting, processing and reporting abuse data, your actionable reports will always be on time regardless of a single abuse feed being down, broken or delayed. Deadlocks and livelocks simply will not happen, since data gathering, augmentation and reporting are independent functions in a streaming enterprise message bus. AbuseSA will always be able to report on actionable and timely information even if pieces of information are missing. Our customers appreciate our ability to have some abuse intelligence always on time, rather than not have the intelligence at all, which usually is the failure mode in centralized batch processing architectures.

Figure: Even if a source does not report a timestamp for an event, we will record our observations always on time.

Unforeseen Data Harmonization

AbuseSA will enable you to gain true Abuse Situation Awareness and harmonize all your threat intelligence into a single unified whole. The flexibility of our solution will help you advance from abuse handling automation to collaborative incident handling and real-time data sharing. We can integrate with in-house ticketing systems, reporting mechanisms or whatever the complementary need be in your current or future abuse handling process. We aim to harmonize and complement, rather than reap and replace.

Optimized Storage Performance

At the end of the abuse processing pipeline, AbuseSA relies on a space-efficient, reliable and physically compartmentalized database solution. Our journaling historian database is optimized for abuse event storage with minimal overhead, i.e. with a 1:10 reduction of space and a significant reduction in IOPS load over traditional solutions. As our database is append-only and time-partitioned, you will be able to perform live backups on the data, with minimal backup space usage. Compartmentalization will allow you to separate different data classification levels into separate backend storages with different underlying access rights.

3rd Party SQL Support

In addition to our situational awareness reports and visualizations, you will be able to export abuse event data to SQL-based 3rd party reporting and BI tools. Exports can be made from any point of observation in your abuse handling pipeline, i.e. from the raw feeds, from the synthesized intelligence used for situational awareness or from the actionable abuse reports at the end of the abuse processing pipeline. This way your reports will automatically adapt to the target audience, be it intelligence analysts interested in the raw feeds, decision makers interested in the trends and bird's-eye view or your constituency demanding benchmarks or a summary of the end results. Furthermore, our SQL export supports time windowing and slicing, which will enable you to report on exactly the time range you are interested in. This will be a life saver when your 3rd party reporting tools can't handle high volumes of raw data or the constantly changing and evolving nature of the threat intelligence.

Collaborative and Visual to the Maximum

Sharing is Caring! Automated aggregate reporting is a fine mechanism for pre-defined reporting needs, but often incident handlers will need to share data and findings in real time. With AbuseSA, sharing your findings is really easy through URLs, which can be generated through the share button and pasted into a chatroom or written on a wiki page. Sharing your findings via URLs is a great way for analysts to work together even across long distances.

Figure: Sharing is caring for your analyzed dataset.

Drill-down

AbuseSA will let you drill down even to the detail level. First it will show you a tooltip over an aggregate event with the most relevant information. Holding the mouse button down, it will show you all the information available for a given abuse event or events.

Usability Updates

We don't just ship new features. We make the existing ones better! The new AbuseSA contains a number of small usability fixes, such as more control over timeline selection, to improve immersion when working with your datasets.

AbuseSA Features

Dynamic Loading of Events

While we continue to work with CERTs, cyber defence organizations and ISPs to reduce Internet abuse, it is going to take some time until browsers can handle all the known active abuse events. AbuseSA now loads events dynamically into memory, in accordance with your timeline selection. This way your browser will need to deal only with the data you have requested.

Streamlined Filtering

AbuseSA filters are dead simple: just type in your interest and AbuseSA will update your views in real time. Forget the submit buttons and other quirks that will unnecessarily slow you down. If you want to do more complex filtering, you may also use powerful regular-expression-based search strings. In addition, you can use view-based filters to show different datasets in different views.

Figure: AbuseSA filters are dead simple: just type in your interest, and AbuseSA will update your views in real time.

Dynamic Legends with Tooltips

Tell your story with dynamic legends. Highlight events on a map by clicking on legend items. Legends also adjust automatically when you zoom to a specific region. And if the number of grouped items grows too big, legends disappear automatically and let you focus on the big picture.

Adjustable Map Aggregation

Whether you want to give decision makers high-level overviews, or detail the scope of the problem, the AbuseSA map is your friend. With adjustable aggregation grid size you can choose the level of aggregation that fits your purpose.

Dynamic List View with Smart Sorting

With the Dynamic List View you can tune your view's columns and aggregation logic on the fly. Smart sorting understands networks; for example, sorting of IP addresses just works.

Categorization View - Support for Larger Datasets

First we supported high-level overviews. Then we learned that certain customers need more detail and brought in raw numbers. Now AbuseSA supports both. Color highlights will help you to pinpoint the currently trending issues, even with large grids and in a zoomed-out state. When the zoom level allows, numbers will automatically appear in the cells for quick comparison. The color scheme also considers our red-green color-blind users.

AbuseSA Turn-key Services

AbuseSA Deployment

AbuseSA ships with deployment and integration services in order to provide a pleasurable experience for you. We use only experienced engineers, who will be able to ship our products to hosted cloud environments, as well as to highly secured on-site premises.

Tailored AbuseSA Modules

Do you have a data source which AbuseSA does not yet support? Do you need to extend the AbuseSA reporting capabilities? Our answer to those questions is to build new custom AbuseSA modules, bots, which meet those needs. For example, you may need to integrate with an in-house ticketing system or pull data from a new abuse intelligence source.

AbuseSA Production Support

Our AbuseSA production support denotes commercial level support for your deployed AbuseSA components. We will respond and assign resources to your support request within the next business day. We shall perform the support task during Finnish business hours, which are 09:00 - 17:00 EET (+DST), excluding Finnish national holidays. We will give support to a named point of contact (or backup person) within your organization over email or instant messaging.

AbuseSA Contrib Support

The AbuseSA product can be extended with modules produced by the AbuseHelper community. In addition to the items described in the AbuseSA Production Support section above, the AbuseSA Contrib Support provides commercial service level support for bug fixes to AbuseHelper extensions contributed by third parties, such as members of the CSIRT community.

AbuseSA Third Party Development (TPD) Support

In addition to the items described in the previous two sections, we can provide commercial support for components which you may have developed yourself, be they bots, configurations or both. In practice, this means bug fixes and support for your own modules, as well as support for the deployed AbuseSA architecture.

AbuseSA Training

Ranging from deployment to production, we will train your key personnel to maintain the AbuseSA platform and substance components with your production environment in mind. We will provide your systems administrators with the means to install, configure and maintain the platform. We will train your substance experts to configure, maintain and run the AbuseSA modules. Moreover, we will train them to add new feed sources and to configure actionable reporting and statistics. Should you so desire, we can provide you with process consultation as well.